

Subject: RE: [xacml] We resolve ...


Hi
 
> "Now for instance, suppose you want to enforce a situation in which any of 
> us can grant authorizations and, possibly denials, for some access and 
> a denial-take-precedence policy should be enforced (meaning it is sufficient 
> that one of us says "deny" (because of a negative authorization), and the 
> access should be rejected). How do you enforce this? You cannot have the 
> different administrators operate on the applicable policy (meaning 
> actually have writing privilege on that document)."
> 
> This is how ...

then my NOT have a global semantics right? 
Where is it dictated? Is it the AND you have at the beginning of the 
policy? Is it the case then that everybody specifying an applicable policy 
(which in this case seems to be indeed overlapping) has control over how 
"strong" his denial is (i.e., how it is combined)?

If I am not mistaken this implied multiple applicable policies 
(meaning overlapping targets). Isn't there the danger of somebody 
specifying a policy he thinks will be obeyed but then it will not be so?

-p
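
The concern raised in this message, as an added example that is not part of the original e-mail or of the XACML specification text: two administrators write policies with overlapping targets, and whether the denial is obeyed depends on the combining algorithm chosen where the policies are combined, not on the denial's author. It is a simplified model (Permit, Deny and NotApplicable only, no Indeterminate); the administrators, the request and all function names are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass
class Policy:
    author: str                      # constructed administrator name
    target: Callable[[Dict], bool]   # does this policy apply to the request?
    effect: str                      # PERMIT or DENY

    def evaluate(self, request: Dict) -> str:
        return self.effect if self.target(request) else NOT_APPLICABLE

def deny_overrides(decisions: List[str]) -> str:
    # A single applicable Deny is sufficient to reject the access.
    if DENY in decisions:
        return DENY
    return PERMIT if PERMIT in decisions else NOT_APPLICABLE

def permit_overrides(decisions: List[str]) -> str:
    # A single applicable Permit wins, silently overriding any Deny.
    if PERMIT in decisions:
        return PERMIT
    return DENY if DENY in decisions else NOT_APPLICABLE

def first_applicable(decisions: List[str]) -> str:
    # Document order decides; later policies are never consulted.
    return next((d for d in decisions if d != NOT_APPLICABLE), NOT_APPLICABLE)

COMBINERS = {f.__name__: f for f in (deny_overrides, permit_overrides, first_applicable)}

def outcomes(policies: List[Policy], request: Dict) -> Dict[str, str]:
    """Decision for the same policies and request under each combiner."""
    decisions = [p.evaluate(request) for p in policies]
    return {name: combine(decisions) for name, combine in COMBINERS.items()}

# Constructed sample: overlapping targets on the same resource.
POLICIES = [
    Policy("admin_a", lambda r: r["resource"] == "payroll", PERMIT),
    Policy("admin_b", lambda r: r["resource"] == "payroll"
           and r["subject"] == "contractor", DENY),
]
REQUEST = {"subject": "contractor", "resource": "payroll"}

if __name__ == "__main__":
    for name, decision in outcomes(POLICIES, REQUEST).items():
        print(f"{name:17} -> {decision}")
```

Only under `deny_overrides` is admin_b's denial obeyed; a reviewer auditing overlapping policies can run every candidate combiner this way to find denials that would be silently overridden.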


